Next-Gen Security (via Cloud): Part 1 – Identity Management
Security By Design
Enterprises rely on computing systems and automation more than ever to detect threats to intellectual property, reputation, and privacy.
The pace of globalization continues, and the concept of “perimeter erosion” as described by the Jericho Forum is becoming a reality. Traditional boundaries between organizations continue to disappear.
It becomes extremely difficult to take a holistic approach to security, that can facilitate a business-driven security blueprint and strategy that can act as an effective shield of defense for the entire organization.
That’s why organizations are in desperate need of next-generation services that are secure by design, meaning that security is easily made intrinsic to their business processes, their product development, and their daily operations.
A Security Framework
The above enterprise security framework can be used to describe elements of security for the largest of entperises:
- People and Identity – how to ensure that the correct people have access to the correct assets at the correct time.
- Data and Information – how to protect critical data in transit or at rest across the organization.
- Application and Process – how to ensure application and business services security.
- Network, Server and Endpoint (IT infrastructure) – how to stay ahead of emerging threats across IT system components.
- Physical Infrastructure – how to leverage the capability for digital controls to secure events—on people or things—in the physical space.
When someone talks about “Cloud Security” there are typically two perspectives:
- How to secure your use of virtual private, and public cloud services, or
- How to use the cloud to deliver a more holistic suite of security services
I believe innovation is beginning to occur from both of these perspectives with an emerging suite of Security As A Services, which will disrupt across the entire enterprise security framework. Lets start by looking at “People and Identify Management” and how cloud has been leveraged.
People and Identity Management
Directory services may be old news, but they still represent an important part of the IT infrastructure. The question for many organizations is how to take an existing directory that grew up around locally served applications and services such as file and print, and use it with cloud-based services such as Google and Salesforce.com.
Too often, the answer is to avoid integration between local identities and the cloud. That choice, convenient as it may be in the short run, is likely to blow up in one’s face someday. As cloud-based services proliferate, the potential only increases for trouble through a compromised user identity, or a dropped ball on the part of an administrator provisioning services for users.
Enter Symplified and its SinglePoint cloud-based single sign-on services. Symplified’s approach to SSO makes heavy use of open-source technologies and methods such as SAML (Security Assertion Markup Language) and XACML (eXtensible Access Control Markup Language) to perform its chores, and delivers it as a SaaS and PaaS offering.
Although the nature of cloud-based services makes it possible to slipstream new features into the mix, Symplified chose instead to implement an entirely new provisioning fabric for SinglePoint in July, implementing augmented synchronization and directory capabilities, and a service that allows companies to use Google and Salesforce.com as cloud-based directory services that can authenticate users in other applications.
The new Symplified Identity Vault can substitute for an on-premises directory service, and manage user identities as a cloud-based function, independent of any local infrastructure. For example, in a traditional portal environment, the IT group would maintain users within an LDAP directory; when the Identity Vault is implemented, the portal instead turns to Google or Salesforce.com for authentication, and uses the information supplied by the chosen service to deny or grant access.
More on the use of Cloud for securing your data and information; applications and processes; networks, servers and endpoints; and physical infrastructure to come….